
Nod32:Never got an alert ....


novice

Hi,

 

Never got an alert, in more than 2 years, from HIPS, document protection, self defense, advanced memory scanner, exploit blocker, anti- protection,

 

All I got was on access / execution detection and malicious website protection, like any other common AV.

 

Are these settings for real????


Yes, I can.

 

I am using NOD32 v 804; in almost 2 years I never got an alert from HIPS, document protection, self defense, advanced memory scanner, exploit blocker; so what I am trying to say is that all alerts I got were signature based detections (on access or on demand) but nothing else.

 

I used some different AVs with a very simple GUI (Avira, MSE, Trend Micro); compared to them NOD 32 seems very sophisticated in settings, but are these settings for real???? How come I never got an alert related to them???? (If you switch HIPS to interactive, yes, you will get a lot of Allow/deny questions.)

 

I would expect to see something like "ESET detected an exploit attempt" or something like that, but I repeat: never happened!


  • ESET Staff

Hi @John Alex,

 

Thanks for explaining.

 

Well, if you are a good sailor on the Internet, you will never have an alert except the database signature update.

However, if you want to test if the protections are active, there are 2 webpages, one for the antivirus and the other for the HIPS.

 

I hope you are using the ESET NOD32 Antivirus v9.0.402.x.

That is the latest one.

 

Also, if you are not sure if your configuration is OK, then you can roll back to the preset one using the button "Defaults" on "Advanced configuration".

 

Here are the links:

Antivirus - Eicar test detection - https://en.wikipedia.org/wiki/EICAR_test_file

https://secure.eicar.org/eicar.com.txt

HIPS

www.amtso.org/feature-settings-check-cloud-lookups/

Hope this helps you.


Hi Gonzalo,

 

Thank you for your answer!

 

The Eicar virus is being detected by each and every antivirus on the market, so its detection is irrelevant.

 

www.amtso.org/feature-settings-check-cloud-lookups/ offers CloudCar test file which DOESN'T trigger a HIPS alert (is detected even by MSE!)

 

So, we are back to square one!


  • Administrators

CloudCar should be detected by web access protection upon download provided that you have LiveGrid as well as web access protection enabled and functional.


Hi Gonzalo,

 

Thank you for your effort to help, but it seems like there is a misunderstanding: I could provide the ESET version and the rest, but what I was saying is that IN 2 YEARS I never got an alert from HIPS, document protection, self defense, advanced memory scanner, exploit blocker.

So, what version I am running now is not relevant (BTW, it is NOD 32 v 804, everything up to date, on three different PCs, and the statement is valid for all three).


> Hi,
>
> Never got an alert, in more than 2 years, from HIPS, document protection, self defense, advanced memory scanner, exploit blocker, anti-###### protection,
>
> All I got was on access / execution detection and malicious website protection, like any other common AV.
>
> Are these settings for real????

Same here and I have been using it since 2013.

 

I like to think that it is related to my surfing habits.

 

Maybe I am wrong.


  • ESET Insiders

Hi John

I think what you want to know is if these features actually provide any improvements to your protection, and they do (except document protection, which is legacy and disabled by default).

However the first line of defense is still the signatures. Eset uses DNA signatures which are not simple one to one file matches like in the old days. It also matches files to behavior.

The rest of the protection features will be used if something slips past the signatures.

So for the main part signatures are what's used and only after that fails will it use the other techniques.

And even then stuff like the advanced memory scanner will still display as a normal real-time scanner alert as it simply adds features to the real-time scanner.

So it's there for good reason.


> Hi Gonzalo,
>
> Thank you for your answer!
>
> The Eicar virus is being detected by each and every antivirus on the market, so its detection is irrelevant.
>
> www.amtso.org/feature-settings-check-cloud-lookups/ offers CloudCar test file which DOESN'T trigger a HIPS alert (is detected even by MSE!)
>
> So, we are back to square one!

For starters, MSE and many other AV products for that matter will detect the cloudcar.exe test file upon download. All that is required is that their real time scan engine is set to detect upon file creation. However, that is not a valid "pass" for this specific test. The AMTSO Cloudcar test is designed to be detected by AV products that employ a network based web filter such as Eset does. In other words, the cloudcar.exe file must be detected prior to physical downloading of it. Also in Win 10, SmartScreen will detect any attempted download of the cloudcar.exe file.

 

Eset is designed to pass all the AMTSO Desktop tests. I have used same multiple times to test Eset's Smart Security protections and every time, each test threat was detected. It appears something is wrong with how you have Eset configured. For example if Eset's web filtering is disabled or your browser has not been specified as a protected application, the cloudcar.exe test will fail. Or, you are using other real time security software and it is interfering with Eset's operation.

Edited by itman
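
The distinction drawn in the post above, between a test file stopped before it is downloaded and one caught only when it is written to disk, can be observed with a short script. This is an added example, not part of the original thread and not ESET or AMTSO tooling; it uses the EICAR link given earlier in the thread, and the function names and result labels are assumptions of this example.

```python
import contextlib
import os
import tempfile
import time
import urllib.request

# Standard 68-byte EICAR test string, split in two so this script is not itself flagged.
EICAR = (rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-" +
         rb"STANDARD-ANTIVIRUS-TEST-FILE!$H+H*")
URL = "https://secure.eicar.org/eicar.com.txt"  # link given in the thread


def http_fetch(url, timeout=15):
    """Download url and return the raw body; urllib raises OSError subclasses on failure."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read()


def survives_on_disk(data, settle=3.0):
    """Write data to a new file, wait, then report whether it is still intact."""
    fd, path = tempfile.mkstemp(suffix=".com")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        time.sleep(settle)  # give an on-access scanner time to react
        with open(path, "rb") as fh:
            return fh.read() == data
    except OSError:  # file removed, locked or quarantined
        return False
    finally:
        with contextlib.suppress(OSError):
            os.remove(path)


def check(url=URL, fetch=http_fetch, settle=3.0):
    """Classify where the test file was stopped (labels are this example's own)."""
    try:
        body = fetch(url)
    except OSError as exc:
        return "stopped-before-download", f"no body received: {exc}"
    if body.strip() != EICAR:
        return "stopped-before-download", "body replaced (block page or truncated)"
    if not survives_on_disk(body, settle):
        return "stopped-on-file-creation", "file removed or altered after write"
    return "not-detected", "test file reached disk and stayed intact"


if __name__ == "__main__":
    print(*check(), sep=": ")
```

A plain network outage also produces "stopped-before-download", so confirm the result against the product's own detection log before drawing a conclusion.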

Hi rekun,

 

Thank you for your answer!

I am not so sure I understand "So for the main part signatures are what's used and only after that fails will it use the other techniques"????

 

Signatures either match or not, there is no 'fail' in this area;

 

Either way, not getting ONE alert in 2 years which is not "signature related" casts a long shadow on all other fancy techniques used, supposedly, to better fight malware.


This topic is now closed to further replies.